google.golang.org/protobuf vulnerabilities
2 known vulnerabilities affecting google.golang.org/protobuf.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2024-24786 | MEDIUM | ≥ 0, < 1.33.0 | 2024-03-06
CVE-2024-24786 [MEDIUM] CWE-835 Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Sources: ghsa, osv
CVE-2023-24535 | HIGH | ≥ 1.29.0, < 1.29.1 | 2023-03-14
CVE-2023-24535 [HIGH] CWE-125 google.golang.org/protobuf vulnerable to panic leading to denial of service
Parsing invalid messages can panic.
Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Sources: ghsa, osv